Keystone has default policy defined in code, this change
removes the outdated values set in values.yaml in order to fall
back onto the in code values for policy.
Change-Id: If27eb0aa312b52c6fddd3811f10bc6207c7dfe27
The deployment scripts for glance have leftover value settings
from older openstack releases that are no longer supported by
OSH. This change removes those random override values and has
them fallback to the get-values-overrides script.
Change-Id: If348d8be9748c281be27bdf5e8ac37d240d72636
At the moment, the Cinder usage audit runs every 5 minutes which
is excessive and causes load on the system. Also, it defaults to
auditing an entire month which can take ages for large systems.
This patch makes it run sanely at the 5th minute of ever hour and
also runs the audit for the past hour only.
Change-Id: I59d1230fa4d33a2cf0364ade1a710e65ef449057
Signed-off-by: Mohammed Naser <mnaser@vexxhost.com>
Horizon complains about not defined the container_infra version in OPENSTACK_API_VERSIONS when using the magnum dashboard in horizon. Additional of the api version of the container_infra solves the issue.
Change-Id: I99faeffc82d9d0e50e01f17f3fbf2ca0d19c161b
When changes are made to config, helm upgrade failes with immutable fields in jobs. Addition of the helm hooks with post upgrade will delete the old job and create the new jobs which will solve the issue.
Also, mounted the shm and enabled hostNetwork in masakari monitors so that it can communicate with pacemaker remote for monitoring the cluster status.
Change-Id: I8a8bc5b7c77643872e65fac294d0ff48347c476b
After volumev1 and volumev2 were removed, openstack-helm-infra gates
started failing because they are deploying defult cinder image which
is currently stein. The python-openstackclient for stein sets volumev2
as default volume type. This was failing volume commands in cinder
bootstrap job for openstack-helm-infra gates
Change-Id: Ifcb3c813f132c9deedaba9a11f9ef721efcb92b0
This change removes the cinder v1 and v2 endpoint definitions
from the default values in the cinder chart.
Change-Id: I0ee35ad71c76df157e2c670a7899e4b6c1b91e46
Fix node labels for monitors agents as they need to run on the compute node where libvirt daemonset is running.
Change-Id: Ia4f3a510443f58b29d700421d77c5de51b0991b3
This change modifies the keystone-ldap job to run in check when
the keystone chart contains any modifications. This moves it from
running periodically to running on each keystone change.
Depends-On: https://review.opendev.org/c/openstack/openstack-helm/+/816209
Change-Id: I32008e3a14b0428922071205f873087c2aba071d
This patch allows the user to set log_config_append
to null which will flip back to the original shipped
logging config.
Change-Id: I1a2b90f208286a61c4ca5799a75d46d44bcd5296
This patch fixes the code for adding extra mounts
for the Designate pods, it would otherwise
generate invalid YAML.
Change-Id: I7126e20090714db85f571a3a6a80ea2fc4e069d5
The TLS job was previously broken with the change to helm v3, but
has since been fixed. This change makes it voting again.
Change-Id: I3ea6f12a4d165f9ff64e002e860e873a603f6a6d
This change updates the experimental jobs that are
currently working to use helm v3. Later changes should
fix the other issues that they are currently experiencing.
Change-Id: I068a9bb835e1bde4d11d8dee0352c49248c20b15
We currently run multiple jobs that deploy cinder on changes
that have no relation to the service. This change modifies the
job to only run when we modify the cinder chart, test scripts,
or the zuul files themselves.
Change-Id: Ia188193929143cb6ae52266a5a87d2662626d42e
This PS further enhances [1] to handle case where present
computes are up, but the number of present computes is not
equal to total number of expected computes.
[1] https://review.opendev.org/c/openstack/openstack-helm/+/815086
Change-Id: Idb2a7aeb202fe29fc528ba0dde987e7e0ee65a95
Similar to earlier changes [0] [1], this change ensures that the labels
for the nova-boostrap job are consistently applied under .metadata and
.spec.template.metadata.
Unfortunately, there was a conflict in the "application" label that was
unresolvable in a backwards-compatible way.
metadata:
labels:
application: nova-bootstrap
spec:
template:
metadata:
labels:
application: nova
...
The standard helm-toolkit labels are now applied in both places, and the
application: nova-bootstrap label is removed.
0: https://review.opendev.org/c/openstack/openstack-helm/+/812233
1: https://review.opendev.org/c/openstack/openstack-helm/+/813300
Change-Id: I72275f3cf59ca8c1677922ca3b6f2e10b5578ab0
Depends-On: I0c892be5aba7ccd6e3c378e4e45a79d2df03c06a
Oslo policy supports both JSON as well as YAML formatted file yet.
Because some projects yet use json file such as monasca-ui.
So horizon chart has to support both of them. Once all projects
convert their format to YAML we can remove json manifests.
Change-Id: I50ade6764750ac556cf552a003eb825d6b4b83d5
This change migrates the check jobs in OSH to use the
new helm v3 script when deploying kubernetes via
minikube.
This is one step in the move to helm v3. Future changes
will migrate the other jobs.
Change-Id: If741db5997a27ed06584b9af2d50485d8de34a2b
The move to helm v3 breaks the rendering for the ca-issuer chart.
While that gets fixed, we can temporary make the job non-voting
in order to unblock the migration to helm v3.
Change-Id: Ia25ac1f85974fc8c8ac8cf3ffedff746a92f2cf5
This change updates the image references in the keystone chart
to the latest supported releases of both openstack and ubuntu.
Change-Id: If4f30252b5d839cfe517ee57cbef96e7775e7ec5
In some deployement environments, nova compute processes took a bit
longer to register on all hosts, and vm/server is instantiated almost
immediately before the process is registered on remaining hosts.
This PS enhances the cell-setup-init script to enable option to
extend the wait before performing discover hosts.
Change-Id: Ie9867e64c554d4f39fdc7432823a1869f0b4a520
The keystone chart recently had a change to fix the world
readable warning message, but an extra fsGroup entry causes
the chart to fail to deploy when using helm3.
This change removes the offending entry from the values file
in the keystone chart.
Change-Id: I540854da7123f413215b627d3bfb077c6f4864c6
Now that the main linting job runs helm v3, this extra job is
no longer needed. This change removes the specific helm v3
linter job.
Change-Id: I40d6be368a4f36242c54b9a57b7e6f7328be8bb6
Current implementation of Keystone prints a warning message if the
directory containing the fernet keys is world readable (o+r). As OSH
uses a volumeMount to handle fernet keys and is by default readonly,
there is no meaningful way to make the directory (not the keys) world
unreadable. Consequently, keystone just keep logging that warning,
adding no particular value besides flooding the log.
Rather than disabling the log message in keystone (as that warning is
meaningful from a security standpoint), this patch set changes the way
we deal with the secret volume so the directory is no longer world
readable, so keystone will stop issuing that warning message.
Signed-off-by: Tin Lam <t@lam.wtf>
Change-Id: Id29abe667f5ef0b61da3d3825b5bf795f2d98865
